From da57cf49872f400c8c1617afb178ad52e66bfb09 Mon Sep 17 00:00:00 2001
From: Mazlum Toprak
Date: Thu, 24 Jul 2025 11:30:29 +0200
Subject: [PATCH] fix user reference unit test, fmt
---
 hscontrol/app.go | 2 +-
 hscontrol/db/oidc_session.go | 1 -
 hscontrol/oidc.go | 2 --
 hscontrol/oidc_test.go | 5 ++---
 hscontrol/types/oidc_session.go | 2 +-
 5 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/hscontrol/app.go b/hscontrol/app.go
index 16f943e8..6fab0fae 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -309,7 +309,7 @@ func (h *Headscale) oidcTokenRefreshJob(ctx context.Context, oidcProvider *AuthP
 defer refreshTicker.Stop()
 defer gracePeriodTicker.Stop()
- log.Info().Msgf("OIDC: Background token refresh job started (checking every %v for tokens expiring within %v)",
+ log.Info().Msgf("OIDC: Background token refresh job started (checking every %v for tokens expiring within %v)",
 checkInterval, oidcProvider.cfg.TokenRefresh.ExpiryThreshold)
 for {
diff --git a/hscontrol/db/oidc_session.go b/hscontrol/db/oidc_session.go
index 866f8347..84ded55d 100644
--- a/hscontrol/db/oidc_session.go
+++ b/hscontrol/db/oidc_session.go
@@ -67,7 +67,6 @@ func InvalidateExpiredOIDCSessions(tx *gorm.DB, offlineGracePeriod time.Duration
 err := tx.Joins("JOIN nodes ON nodes.id = oidc_sessions.node_id").
 Where("oidc_sessions.is_active = ? AND nodes.last_seen IS NOT NULL AND nodes.last_seen < ?", true, cutoff).
 Find(&sessions).Error
-
 if err != nil {
 return fmt.Errorf("failed to find expired OIDC sessions: %w", err)
 }
diff --git a/hscontrol/oidc.go b/hscontrol/oidc.go
index 34d45c07..a3d179eb 100644
--- a/hscontrol/oidc.go
+++ b/hscontrol/oidc.go
@@ -409,7 +409,6 @@ func (a *AuthProviderOIDC) getOauth2Token(
 // createOrUpdateOIDCSession creates or updates an OIDC session for a node
 func (a *AuthProviderOIDC) createOrUpdateOIDCSession(registrationID types.RegistrationID, token *oauth2.Token, nodeID types.NodeID) error {
-
 if token.RefreshToken == "" {
 log.Warn().
 Str("node_id", nodeID.String()).
@@ -471,7 +470,6 @@ func (a *AuthProviderOIDC) createOrUpdateOIDCSession(registrationID types.Regist
 // RefreshOIDCSession refreshes an expired OIDC session using the stored refresh token
 // and updates the node expiry using the existing HandleNodeFromAuthPath flow
 func (a *AuthProviderOIDC) RefreshOIDCSession(ctx context.Context, session *types.OIDCSession) error {
-
 if session.RefreshToken == "" {
 return fmt.Errorf("no refresh token available for session %s", session.SessionID)
 }
diff --git a/hscontrol/oidc_test.go b/hscontrol/oidc_test.go
index fd9a7342..106da434 100644
--- a/hscontrol/oidc_test.go
+++ b/hscontrol/oidc_test.go
@@ -153,7 +153,7 @@ func TestCreateOrUpdateOIDCSession(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- err := oidcProvider.createOrUpdateOIDCSession(tt.user, tt.registrationID, tt.token, node.ID)
+ err := oidcProvider.createOrUpdateOIDCSession(tt.registrationID, tt.token, node.ID)
 if tt.expectError {
 assert.Error(t, err)
@@ -164,7 +164,7 @@ func TestCreateOrUpdateOIDCSession(t *testing.T) {
 if tt.expectSession && tt.token.RefreshToken != "" {
 // Verify session was created/updated
 var session types.OIDCSession
- err = hsdb.DB.Where("user_id = ? AND node_id = ?", tt.user.ID, node.ID).First(&session).Error
+ err = hsdb.DB.Where("node_id = ?", node.ID).First(&session).Error
 assert.NoError(t, err)
 assert.Equal(t, tt.token.RefreshToken, session.RefreshToken)
 assert.True(t, session.IsActive)
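Review bot: In the `@@ -164` hunk of hscontrol/oidc_test.go the session is now looked up by `node_id` alone with `First`, and the table cases appear to share the same `node.ID`, so the lookup still succeeds if a case inserted a second row instead of updating the existing one. Since the function under test is create-or-update, I would also assert that exactly one session exists for the node: `var n int64`, `assert.NoError(t, hsdb.DB.Model(&types.OIDCSession{}).Where("node_id = ?", node.ID).Count(&n).Error)`, `assert.EqualValues(t, 1, n)`. A duplicate row would leave an older refresh token stored and possibly still marked active, which is the regression this test is best placed to catch. The test function starts and ends outside the hunk, so whether an earlier or later step already checks this is not visible here.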
@@ -516,7 +516,6 @@ func TestRefreshOIDCSessionValidation(t *testing.T) {
 }()
 err := oidcProvider.RefreshOIDCSession(ctx, tt.session)
-
 // If we get here, it means no panic occurred (good for empty refresh token test)
 if err != nil {
 assert.Contains(t, err.Error(), tt.errorMsg)
diff --git a/hscontrol/types/oidc_session.go b/hscontrol/types/oidc_session.go
index 0f0ec0b7..57cf3050 100644
--- a/hscontrol/types/oidc_session.go
+++ b/hscontrol/types/oidc_session.go
@@ -19,7 +19,7 @@ type OIDCSession struct {
 RegistrationID RegistrationID `gorm:"not null"` // For reusing HandleNodeFromAuthPath
 // Token data
- RefreshToken string `gorm:"type:text"` //TODO: Encrypt?
+ RefreshToken string `gorm:"type:text"` // TODO: Encrypt?
 // Token lifecycle
 TokenExpiry *time.Time `gorm:"index"`
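Review bot: The `RefreshToken` field in the last hunk (hscontrol/types/oidc_session.go) is a plain `type:text` column and the new line still carries only `// TODO: Encrypt?`, so the OIDC refresh token, a long-lived credential, is stored readable to anyone who can read the database or a backup of it. Since the commit touches this comment anyway, I would replace it with one that records the current state and the open work, for example `// RefreshToken is stored in plaintext; treat the database and its backups as secret. TODO(<tracking-issue>): encrypt at rest.` If the struct is serialised or logged elsewhere (not visible in this hunk), the field should be excluded there as well. The struct definition continues outside the hunk.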